This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi
azure-native.keyvault.getVault
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi
Gets the specified Azure key vault. Azure REST API version: 2023-02-01.
Other available API versions: 2018-02-14-preview, 2023-07-01, 2024-04-01-preview.
Using getVault
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getVault(args: GetVaultArgs, opts?: InvokeOptions): Promise<GetVaultResult>
function getVaultOutput(args: GetVaultOutputArgs, opts?: InvokeOptions): Output<GetVaultResult>
def get_vault(resource_group_name: Optional[str] = None,
vault_name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetVaultResult
def get_vault_output(resource_group_name: Optional[pulumi.Input[str]] = None,
vault_name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetVaultResult]
func LookupVault(ctx *Context, args *LookupVaultArgs, opts ...InvokeOption) (*LookupVaultResult, error)
func LookupVaultOutput(ctx *Context, args *LookupVaultOutputArgs, opts ...InvokeOption) LookupVaultResultOutput
> Note: This function is named LookupVault
in the Go SDK.
public static class GetVault
{
public static Task<GetVaultResult> InvokeAsync(GetVaultArgs args, InvokeOptions? opts = null)
public static Output<GetVaultResult> Invoke(GetVaultInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetVaultResult> getVault(GetVaultArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azure-native:keyvault:getVault
arguments:
# arguments dictionary
The following arguments are supported:
- Resource
Group stringName - The name of the Resource Group to which the vault belongs.
- Vault
Name string - The name of the vault.
- Resource
Group stringName - The name of the Resource Group to which the vault belongs.
- Vault
Name string - The name of the vault.
- resource
Group StringName - The name of the Resource Group to which the vault belongs.
- vault
Name String - The name of the vault.
- resource
Group stringName - The name of the Resource Group to which the vault belongs.
- vault
Name string - The name of the vault.
- resource_
group_ strname - The name of the Resource Group to which the vault belongs.
- vault_
name str - The name of the vault.
- resource
Group StringName - The name of the Resource Group to which the vault belongs.
- vault
Name String - The name of the vault.
getVault Result
The following output properties are available:
- Id string
- Fully qualified identifier of the key vault resource.
- Name string
- Name of the key vault resource.
- Properties
Pulumi.
Azure Native. Key Vault. Outputs. Vault Properties Response - Properties of the vault
- System
Data Pulumi.Azure Native. Key Vault. Outputs. System Data Response - System metadata for the key vault.
- Type string
- Resource type of the key vault resource.
- Location string
- Azure location of the key vault resource.
- Dictionary<string, string>
- Tags assigned to the key vault resource.
- Id string
- Fully qualified identifier of the key vault resource.
- Name string
- Name of the key vault resource.
- Properties
Vault
Properties Response - Properties of the vault
- System
Data SystemData Response - System metadata for the key vault.
- Type string
- Resource type of the key vault resource.
- Location string
- Azure location of the key vault resource.
- map[string]string
- Tags assigned to the key vault resource.
- id String
- Fully qualified identifier of the key vault resource.
- name String
- Name of the key vault resource.
- properties
Vault
Properties Response - Properties of the vault
- system
Data SystemData Response - System metadata for the key vault.
- type String
- Resource type of the key vault resource.
- location String
- Azure location of the key vault resource.
- Map<String,String>
- Tags assigned to the key vault resource.
- id string
- Fully qualified identifier of the key vault resource.
- name string
- Name of the key vault resource.
- properties
Vault
Properties Response - Properties of the vault
- system
Data SystemData Response - System metadata for the key vault.
- type string
- Resource type of the key vault resource.
- location string
- Azure location of the key vault resource.
- {[key: string]: string}
- Tags assigned to the key vault resource.
- id str
- Fully qualified identifier of the key vault resource.
- name str
- Name of the key vault resource.
- properties
Vault
Properties Response - Properties of the vault
- system_
data SystemData Response - System metadata for the key vault.
- type str
- Resource type of the key vault resource.
- location str
- Azure location of the key vault resource.
- Mapping[str, str]
- Tags assigned to the key vault resource.
- id String
- Fully qualified identifier of the key vault resource.
- name String
- Name of the key vault resource.
- properties Property Map
- Properties of the vault
- system
Data Property Map - System metadata for the key vault.
- type String
- Resource type of the key vault resource.
- location String
- Azure location of the key vault resource.
- Map<String>
- Tags assigned to the key vault resource.
Supporting Types
AccessPolicyEntryResponse
- Object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
Pulumi.
Azure Native. Key Vault. Inputs. Permissions Response - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- Object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- Permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Application
Id string - Application ID of the client making request on behalf of a principal
- object
Id String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
- object
Id string - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id string - Application ID of the client making request on behalf of a principal
- object_
id str - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions
Permissions
Response - Permissions the identity has for keys, secrets and certificates.
- tenant_
id str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application_
id str - Application ID of the client making request on behalf of a principal
- object
Id String - The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies.
- permissions Property Map
- Permissions the identity has for keys, secrets and certificates.
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- application
Id String - Application ID of the client making request on behalf of a principal
IPRuleResponse
- Value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- Value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value String
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value string
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value str
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
- value String
- An IPv4 address range in CIDR notation, such as '124.56.78.91' (simple IP address) or '124.56.78.0/24' (all addresses that start with 124.56.78).
NetworkRuleSetResponse
- Bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules List<Pulumi.Azure Native. Key Vault. Inputs. IPRule Response> - The list of IP address rules.
- Virtual
Network List<Pulumi.Rules Azure Native. Key Vault. Inputs. Virtual Network Rule Response> - The list of virtual network rules.
- Bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- Default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- Ip
Rules []IPRuleResponse - The list of IP address rules.
- Virtual
Network []VirtualRules Network Rule Response - The list of virtual network rules.
- bypass String
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<IPRuleResponse> - The list of IP address rules.
- virtual
Network List<VirtualRules Network Rule Response> - The list of virtual network rules.
- bypass string
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action string - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules IPRuleResponse[] - The list of IP address rules.
- virtual
Network VirtualRules Network Rule Response[] - The list of virtual network rules.
- bypass str
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default_
action str - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip_
rules Sequence[IPRuleResponse] - The list of IP address rules.
- virtual_
network_ Sequence[Virtualrules Network Rule Response] - The list of virtual network rules.
- bypass String
- Tells what traffic can bypass network rules. This can be 'AzureServices' or 'None'. If not specified the default is 'AzureServices'.
- default
Action String - The default action when no rule from ipRules and from virtualNetworkRules match. This is only used after the bypass property has been evaluated.
- ip
Rules List<Property Map> - The list of IP address rules.
- virtual
Network List<Property Map>Rules - The list of virtual network rules.
PermissionsResponse
- Certificates List<string>
- Permissions to certificates
- Keys List<string>
- Permissions to keys
- Secrets List<string>
- Permissions to secrets
- Storage List<string>
- Permissions to storage accounts
- Certificates []string
- Permissions to certificates
- Keys []string
- Permissions to keys
- Secrets []string
- Permissions to secrets
- Storage []string
- Permissions to storage accounts
- certificates List<String>
- Permissions to certificates
- keys List<String>
- Permissions to keys
- secrets List<String>
- Permissions to secrets
- storage List<String>
- Permissions to storage accounts
- certificates string[]
- Permissions to certificates
- keys string[]
- Permissions to keys
- secrets string[]
- Permissions to secrets
- storage string[]
- Permissions to storage accounts
- certificates Sequence[str]
- Permissions to certificates
- keys Sequence[str]
- Permissions to keys
- secrets Sequence[str]
- Permissions to secrets
- storage Sequence[str]
- Permissions to storage accounts
- certificates List<String>
- Permissions to certificates
- keys List<String>
- Permissions to keys
- secrets List<String>
- Permissions to secrets
- storage List<String>
- Permissions to storage accounts
PrivateEndpointConnectionItemResponse
- Provisioning
State string - Provisioning state of the private endpoint connection.
- Etag string
- Modified whenever there is a change in the state of private endpoint connection.
- Id string
- Id of private endpoint connection.
- Private
Endpoint Pulumi.Azure Native. Key Vault. Inputs. Private Endpoint Response - Properties of the private endpoint object.
- Private
Link Pulumi.Service Connection State Azure Native. Key Vault. Inputs. Private Link Service Connection State Response - Approval state of the private link connection.
- Provisioning
State string - Provisioning state of the private endpoint connection.
- Etag string
- Modified whenever there is a change in the state of private endpoint connection.
- Id string
- Id of private endpoint connection.
- Private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- Private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State String - Provisioning state of the private endpoint connection.
- etag String
- Modified whenever there is a change in the state of private endpoint connection.
- id String
- Id of private endpoint connection.
- private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State string - Provisioning state of the private endpoint connection.
- etag string
- Modified whenever there is a change in the state of private endpoint connection.
- id string
- Id of private endpoint connection.
- private
Endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private
Link PrivateService Connection State Link Service Connection State Response - Approval state of the private link connection.
- provisioning_
state str - Provisioning state of the private endpoint connection.
- etag str
- Modified whenever there is a change in the state of private endpoint connection.
- id str
- Id of private endpoint connection.
- private_
endpoint PrivateEndpoint Response - Properties of the private endpoint object.
- private_
link_ Privateservice_ connection_ state Link Service Connection State Response - Approval state of the private link connection.
- provisioning
State String - Provisioning state of the private endpoint connection.
- etag String
- Modified whenever there is a change in the state of private endpoint connection.
- id String
- Id of private endpoint connection.
- private
Endpoint Property Map - Properties of the private endpoint object.
- private
Link Property MapService Connection State - Approval state of the private link connection.
PrivateEndpointResponse
- Id string
- Full identifier of the private endpoint resource.
- Id string
- Full identifier of the private endpoint resource.
- id String
- Full identifier of the private endpoint resource.
- id string
- Full identifier of the private endpoint resource.
- id str
- Full identifier of the private endpoint resource.
- id String
- Full identifier of the private endpoint resource.
PrivateLinkServiceConnectionStateResponse
- Actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- Description string
- The reason for approval or rejection.
- Status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- Actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- Description string
- The reason for approval or rejection.
- Status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required String - A message indicating if changes on the service provider require any updates on the consumer.
- description String
- The reason for approval or rejection.
- status String
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required string - A message indicating if changes on the service provider require any updates on the consumer.
- description string
- The reason for approval or rejection.
- status string
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions_
required str - A message indicating if changes on the service provider require any updates on the consumer.
- description str
- The reason for approval or rejection.
- status str
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
- actions
Required String - A message indicating if changes on the service provider require any updates on the consumer.
- description String
- The reason for approval or rejection.
- status String
- Indicates whether the connection has been approved, rejected or removed by the key vault owner.
SkuResponse
SystemDataResponse
- Created
At string - The timestamp of the key vault resource creation (UTC).
- Created
By string - The identity that created the key vault resource.
- Created
By stringType - The type of identity that created the key vault resource.
- Last
Modified stringAt - The timestamp of the key vault resource last modification (UTC).
- Last
Modified stringBy - The identity that last modified the key vault resource.
- Last
Modified stringBy Type - The type of identity that last modified the key vault resource.
- Created
At string - The timestamp of the key vault resource creation (UTC).
- Created
By string - The identity that created the key vault resource.
- Created
By stringType - The type of identity that created the key vault resource.
- Last
Modified stringAt - The timestamp of the key vault resource last modification (UTC).
- Last
Modified stringBy - The identity that last modified the key vault resource.
- Last
Modified stringBy Type - The type of identity that last modified the key vault resource.
- created
At String - The timestamp of the key vault resource creation (UTC).
- created
By String - The identity that created the key vault resource.
- created
By StringType - The type of identity that created the key vault resource.
- last
Modified StringAt - The timestamp of the key vault resource last modification (UTC).
- last
Modified StringBy - The identity that last modified the key vault resource.
- last
Modified StringBy Type - The type of identity that last modified the key vault resource.
- created
At string - The timestamp of the key vault resource creation (UTC).
- created
By string - The identity that created the key vault resource.
- created
By stringType - The type of identity that created the key vault resource.
- last
Modified stringAt - The timestamp of the key vault resource last modification (UTC).
- last
Modified stringBy - The identity that last modified the key vault resource.
- last
Modified stringBy Type - The type of identity that last modified the key vault resource.
- created_
at str - The timestamp of the key vault resource creation (UTC).
- created_
by str - The identity that created the key vault resource.
- created_
by_ strtype - The type of identity that created the key vault resource.
- last_
modified_ strat - The timestamp of the key vault resource last modification (UTC).
- last_
modified_ strby - The identity that last modified the key vault resource.
- last_
modified_ strby_ type - The type of identity that last modified the key vault resource.
- created
At String - The timestamp of the key vault resource creation (UTC).
- created
By String - The identity that created the key vault resource.
- created
By StringType - The type of identity that created the key vault resource.
- last
Modified StringAt - The timestamp of the key vault resource last modification (UTC).
- last
Modified StringBy - The identity that last modified the key vault resource.
- last
Modified StringBy Type - The type of identity that last modified the key vault resource.
VaultPropertiesResponse
- Hsm
Pool stringResource Id - The resource id of HSM Pool.
- Private
Endpoint List<Pulumi.Connections Azure Native. Key Vault. Inputs. Private Endpoint Connection Item Response> - List of private endpoint connections associated with the key vault.
- Sku
Pulumi.
Azure Native. Key Vault. Inputs. Sku Response - SKU details
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies List<Pulumi.Azure Native. Key Vault. Inputs. Access Policy Entry Response> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createMode
is set torecover
, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls Pulumi.Azure Native. Key Vault. Inputs. Network Rule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- Provisioning
State string - Provisioning state of the vault.
- Public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- Hsm
Pool stringResource Id - The resource id of HSM Pool.
- Private
Endpoint []PrivateConnections Endpoint Connection Item Response - List of private endpoint connections associated with the key vault.
- Sku
Sku
Response - SKU details
- Tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- Access
Policies []AccessPolicy Entry Response - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createMode
is set torecover
, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - Enable
Purge boolProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- Enable
Soft boolDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- Enabled
For boolDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- Enabled
For boolDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- Enabled
For boolTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- Network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- Provisioning
State string - Provisioning state of the vault.
- Public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- Soft
Delete intRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- Vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- hsm
Pool StringResource Id - The resource id of HSM Pool.
- private
Endpoint List<PrivateConnections Endpoint Connection Item Response> - List of private endpoint connections associated with the key vault.
- sku
Sku
Response - SKU details
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<AccessPolicy Entry Response> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createMode
is set torecover
, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State String - Provisioning state of the vault.
- public
Network StringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete IntegerRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
- hsm
Pool stringResource Id - The resource id of HSM Pool.
- private
Endpoint PrivateConnections Endpoint Connection Item Response[] - List of private endpoint connections associated with the key vault.
- sku
Sku
Response - SKU details
- tenant
Id string - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies AccessPolicy Entry Response[] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createMode
is set torecover
, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable
Purge booleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft booleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For booleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For booleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For booleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State string - Provisioning state of the vault.
- public
Network stringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete numberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri string - The URI of the vault for performing operations on keys and secrets.
- hsm_
pool_ strresource_ id - The resource id of HSM Pool.
- private_
endpoint_ Sequence[Privateconnections Endpoint Connection Item Response] - List of private endpoint connections associated with the key vault.
- sku
Sku
Response - SKU details
- tenant_
id str - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access_
policies Sequence[AccessPolicy Entry Response] - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createMode
is set torecover
, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable_
purge_ boolprotection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- bool
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable_
soft_ booldelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled_
for_ booldeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled_
for_ booldisk_ encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled_
for_ booltemplate_ deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network_
acls NetworkRule Set Response - Rules governing the accessibility of the key vault from specific network locations.
- provisioning_
state str - Provisioning state of the vault.
- public_
network_ straccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft_
delete_ intretention_ in_ days - softDelete data retention days. It accepts >=7 and <=90.
- vault_
uri str - The URI of the vault for performing operations on keys and secrets.
- hsm
Pool StringResource Id - The resource id of HSM Pool.
- private
Endpoint List<Property Map>Connections - List of private endpoint connections associated with the key vault.
- sku Property Map
- SKU details
- tenant
Id String - The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
- access
Policies List<Property Map> - An array of 0 to 1024 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. When
createMode
is set torecover
, access policies are not required. Otherwise, access policies are required. These are also available as standalone resources. Do not mix inline and standalone resource as they will conflict with each other, leading to resources deletion. - enable
Purge BooleanProtection - Property specifying whether protection against purge is enabled for this vault. Setting this property to true activates protection against purge for this vault and its content - only the Key Vault service may initiate a hard, irrecoverable deletion. The setting is effective only if soft delete is also enabled. Enabling this functionality is irreversible - that is, the property does not accept false as its value.
- Boolean
- Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.
- enable
Soft BooleanDelete - Property to specify whether the 'soft delete' functionality is enabled for this key vault. If it's not set to any value(true or false) when creating new key vault, it will be set to true by default. Once set to true, it cannot be reverted to false.
- enabled
For BooleanDeployment - Property to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault.
- enabled
For BooleanDisk Encryption - Property to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys.
- enabled
For BooleanTemplate Deployment - Property to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault.
- network
Acls Property Map - Rules governing the accessibility of the key vault from specific network locations.
- provisioning
State String - Provisioning state of the vault.
- public
Network StringAccess - Property to specify whether the vault will accept traffic from public internet. If set to 'disabled' all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.
- soft
Delete NumberRetention In Days - softDelete data retention days. It accepts >=7 and <=90.
- vault
Uri String - The URI of the vault for performing operations on keys and secrets.
VirtualNetworkRuleResponse
- Id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- Id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- Ignore
Missing boolVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id String
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id string
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing booleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id str
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore_
missing_ boolvnet_ service_ endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
- id String
- Full resource id of a vnet subnet, such as '/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/subnet1'.
- ignore
Missing BooleanVnet Service Endpoint - Property to specify whether NRP will ignore the check if parent subnet has serviceEndpoints configured.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi